DistroWatch Weekly

A weekly opinion column and a summary of events from the distribution world

DistroWatch Weekly

DistroWatch Weekly, Issue 773, 23 July 2018

Welcome to this year's 30th issue of DistroWatch Weekly!
A lot of Linux distributions have relatively short lives. New projects or spins will appear, demonstrate interesting approaches to computing and then disappear as developer attention focuses elsewhere. One of the key exceptions to this pattern is Slackware Linux. Slackware is the oldest surviving Linux distribution still in development and we are pleased to mark the project's 25th anniversary in our News section. We also talk about pfSense releasing subscription services and documentation for free, and discuss the Pentoo project correcting an update bug. The Linux Mint project has faced its own share of bugs lately and we cover how those are being addressed. Our Feature Story this week is a review of Peppermint OS, a distribution which ships with a mixture of local and web-based applications. Joshua Allen Holm provides details on Peppermint OS 9 below. Our Opinion Poll also explores the topic of web applications and we would like to find out how popular web-based solutions are among our readers. Plus we discuss the various types of security offered by different open source operating systems and welcome the NomadBSD project to our database. Below we list the distribution releases of the past week and share the torrents we are seeding. We wish you all a fantastic week and happy reading!

Peppermint OS is a lightweight, Ubuntu-based distribution. Its default desktop environment is a hybrid of LXDE and Xfce. What sets Peppermint apart from other distributions is its reliance on site-specific browsers to provide easy access to web-based applications. This reliance on web-based applications makes the distribution a decent alternative to Chrome OS while still providing a full, traditional Linux desktop experience.

I should admit up front that my normal workflow involves using a lot of traditional desktop applications and very few web-based applications, so trying out Peppermint 9 was a major shift from my normal combination of working in Evolution and LibreOffice. That said, for this review I did switch as much as possible to using the web-based options included in Peppermint 9.

Installing Peppermint 9

Peppermint 9 is available in 32-bit and 64-bit versions. The ISOs for both images are 1.37GB. For this review, I downloaded the 64-bit image and copied it to a flash drive using the dd command. After the flash drive was ready, I booted the computer from the flash drive into a live desktop environment, which had an icon for the installer on the desktop. I opted to start the installation right away, instead of trying out the live environment.

Peppermint 9 uses Ubuntu's Ubiquity installer, so there will be no surprises for anyone who has installed Ubuntu, or any Ubuntu-based distribution, in the past several years. For my installation I simply accepted all the defaults, selected the correct timezone, created my user account, and waited. There is really not much to say about the process, the only difference between Peppermint 9 and Ubuntu is the information presented in the slide show while installing.

After logging in, I was presented with the default Peppermint 9 desktop environment. The desktop's look is pretty typical, but built from components from various different desktop environments. The base session comes from LXDE, but the bottom panel and application menu comes from Xfce. The default file manager is Nemo, which comes from the Cinnamon desktop. Despite the diverse origins of the various components, the desktop fits together well. With no applications running, Peppermint's desktop typically consumed between 350MB and 400MB of RAM.

The default software included in Peppermint 9 is a combination of traditional desktop software and site-specific browsers for web applications. The traditional desktop software includes Firefox, VLC media player, and various utilities. The site-specific browsers include Gmail, Google Calendar, Google Drive, Microsoft Office Online, a few utilities, and six simple games.

The default selection of software is pretty good, but I found the site-specific browser applications to be a little limiting. They worked well enough, but I found the choice of using web applications for all of the default games to be a little odd. If I am stuck off-line, I cannot even play a basic game of solitaire to pass the time, despite there being many different, non-web-based solitaire options to pick from. There are plenty of options available in Peppermint's software repositories, so it would have been nice to pick just one to include by default.

One really interesting application worth specifically mentioning is Advert Blocker, which is a utility that blocks advertisements by modifying the system's /etc/hosts file. The program supports three different block lists, which can be selected separately or combined. I tested the Advert Blocker program with all three lists enabled and found that it worked well at blocking advertisements without breaking basic web browsing.

While the default settings for Peppermint are nice, it is possible to customize it using the Peppermint Setting Panel. This panel has options for accessing most settings, including changing the look and feel of the desktop and windows, configuring hardware, and updating the system. The settings panel is, for the most part, well organized, but I found it a little odd that the "Software & Updates Settings" option was in the "Tweaks" section. Granted, making adjustments to which software repositories are enabled could be classified as tweaking those settings, but the classification seems a little off to me. There are also a few advanced configuration tools that are available from the applications menu.

Installing traditional desktop applications

There are many different ways to add software to Peppermint 9. For non-web-based software, Deb packages can be installed from Ubuntu's repositories and the Peppermint PPA. Peppermint 9 also supports Flatpak and Snaps. GNOME Software, Software Manager (mintInstall), and Synaptic Package Manager are the GUI options for browsing and installing applications. Each of the three applications provides different features, so it is nice to have all of them available by default, but three different GUI package managers might overwhelm new users. Peppermint also comes with GDebi for installing Deb packages that come from outside the distribution's repositories.

Of all the installation methods available, GNOME Software and Software Manager were the easiest to use. I could easily find all the applications that I wanted to install in either of them, but it was nice to have Synaptic around for installing non-GUI applications. Of course, the command line was also a valid alternative, and I often found myself using apt, snap, and flatpak on the command line just because doing so was quicker.

Creating and using site-specific browsers

Peppermint uses a program called Ice to create site-specific browsers. The Ice application makes it really easy to add any website to the application menu. The process is very straightforward. Just enter a URL, select what section of the application menu it should appear under, pick an icon (or use the site's favicon), and select which browser to use. The default is to use Firefox, which is the only browser installed by default, but Ice also works with Chrome, Chromium, and Vivaldi. That is all it takes to create a new site-specific browser application. I was able to quickly create application launchers for GitHub, GitLab, OpenShift, and a few other sites I would want to access on a regular basis as applications.

I found it a somewhat useful to have web-based applications in the application menu and to be able to quickly alt-tab between them as separate applications, but I could honestly make do without them. Having a few pinned tabs in Firefox works just as well for me, but I fully understand that other people might feel differently. That said, Ice is nice utility that more distributions should consider including just to make life easier for people who do want to create site-specific browser applications for the sites they use most frequently.

Final thoughts

While I have to admit that I am not the target audience for a distribution focused on web-based applications, I found Peppermint 9 to be a solid distribution. Despite pulling components from multiple desktop environments, Peppermint 9's desktop is well integrated and easy to use. It was also easy to add both web-based and traditional applications to the system, so the distribution can be adjusted for users who prefer either.

Peppermint 9 is not for everyone, but users who do most their work in Google Docs or Microsoft Office Online should give Peppermint a try. However, users accustomed to using traditional desktop applications might want to stick to one of the many alternatives out there. Yes, Peppermint 9 can be easily adjusted to use traditional desktop applications, but many of the other distribution options out there come with those kinds of applications pre-installed.

* * * * *

Hardware used in this review

My physical test equipment for this review was a Lenovo Ideapad 100-15IBD laptop with the following specifications:

Processor: 2.2GHz Intel Core i3-5020U CPU

Storage: Seagate 500GB 5400 RPM hard drive

Memory: 4GB of RAM

Networking: Realtek RTL8723BE 802.11n Wireless Network Adapter

Display: Intel HD Graphics 5500

* * * * *

Visitor supplied rating

Peppermint OS has a visitor supplied average rating of: 8.9/10 from 141 review(s).
Have you used Peppermint OS? You can leave your own review of the project on our ratings page.

pfSense Gold is a subscription service which provides a number of benefits to its clients, such as additional documentation and a secure, on-line backup service (called AutoConfigBackup or ACB). These and other components of the pfSense Gold service will soon be made available to pfSense users for free. "You may be wondering why we made this change, and why now? The pfSense book and the monthly pfSense Hangouts have proven valuable to many over the years. We decided to open them up to all for free. This brings us to ACB. We've always believed ACB is useful, and that everyone should have it. But, the resource usage required by the package design meant we had to pass some costs onto users. Earlier this year, the Netgate development team rewrote ACB - enabling us to make it available for free. Additionally, while the legacy package version relied on a username/password and a hostname, the new integrated ACB conforms to GDPR best practices. No private information at all is passed to ACB servers." More information on the change can be found in this blog post.

* * * * *

Pentoo is a Gentoo-based distribution used for penetration testing. This week some users of the distribution ran into an issue where the operating system was unable to update. "If your system works, you have no need to read this. You won't hit this issue, it's already fixed. If your system is unable to update, or you have schadenfreude, read on. Sorry. My bad. Very recently some changes were pushed to Pentoo which moved the Pentoo Overlay from /var/lib/layman to /var/db/repos, for a few reasons, none of which are hugely relevant (although one of them was to make gpg verification work). When this was done, it passed a test case on my system, and was pushed without extensive testing. As such, a few issues popped up, all relating to stupid mistakes made my me personally." The project's blog post includes instructions for fixing the potential update errors.

* * * * *

The Linux Mint project has been dealing with a number of bugs in core packages since the release of Linux Mint 19. The new release, which is based on Ubuntu 18.04, has run into regressions in the MESA, GRUB, kernel, and WINE packages. In the project's July monthly newsletter the team addresses some of the concerns and discusses efforts being made to fix these problems. "More recently, a GRUB update triggered an issue in one of our own packages. That issue could only be triggered by a new GRUB update and so it had gone undetected during QA and the beta test. Although it was fixed in a matter of hours in the repositories, it still affects our installation ISO images and it breaks EFI installations when the live session is connected to the Internet. The release notes were updated to ask people to install off-line. New 64-bit ISO images for Linux Mint 19 Cinnamon, MATE and Xfce were produced with the fixed package and they passed QA yesterday. These new ISOs will replace the current images in the days to come.

Be careful with kernel 4.15.0-24. A critical issue causes some computers to boot really slowly, or not to boot at all. Ubuntu is aware of it and working on a fix. We've also received negative feedback from the 4.15 kernel series in Mint 18.x (based on Ubuntu Xenial). Although Ubuntu decided to switch the HWE series towards it, the 4.15 series doesn't appear to support some proprietary drivers yet (nvidia-3.04 and nvidia-340 among them).

We're also aware of regressions in the Bionic base affecting VPN, Samba, WINE (recently fixed). Ubuntu 18.04 is a brand new base and we're sure it will settle, receive bug fixes and get more mature with time."

* * * * *

Slackware Linux is the world's oldest surviving Linux distribution, well known for its stability and conservative approach to adopting new technologies. The Slackware project turns 25 years old this month (Slackware Linux 1.00 was released on July 16, 1993). Though it has been about two years since the last stable version of Slackware was published, work continues in the project's "Current" branch. Happy 25th anniversary, Slackware!

Locking-down-everything asks: Which distro between Qubes, OpenBSD and a hardened one, like Debian, offer the best security against exploiting the OS?

DistroWatch answers: I think it is interesting you chose those three examples, because not only does each of those projects have quite different styles from the end user's point of view, but they take different approaches to security. Qubes OS places a lot of focus on security through isolation. This means that the Qubes team expects applications and services on their operating system may become compromised, but the various components can be kept separate from each other. If an attacker exploits a weakness in one piece of software, that does not grant them access to the rest of the system. Projects which emphasize security through isolation acknowledge that bad things will happen, but by keeping a barrier between different programs, the damage can be minimized. Common examples of security through isolation are running services sandboxes and virtual machines.

The OpenBSD team focuses on security through correctness. Basically, the core operating system is kept as clean and bug free as possible. The idea being that if each program and service is implemented properly, then it cannot be exploited. This is a good approach to take as it makes it very hard to break (or break into) a correctly implemented operating system. The problem is making bug free software takes a lot of effort, both in writing and in auditing the code. As a result, security through correctness does not always scale well. This is why OpenBSD is famously secure, but the third-party ports of software which can be install on OpenBSD may not be audited and installing new programs carries added risk.

Not all, but many, of the hardening techniques projects (such as Debian) employ a third approach called security though obscurity. The obscurity approach gets a lot of bad press, but is often effective, particularly against simple or automated attacks. Security through obscurity relies on hiding things, moving things around, or by keeping secrets. For example, a common hardening practice is to randomize the layout of data in memory so attackers do not know where to find it. Another approach, sometimes used by Debian and FreeBSD, is to hide processes from other users so that other people accessing the computer do not even know what programs you are running.

Ideally, we might imagine that an operating system would strive to use all three methods to secure the system. However, each layer of security takes time and effort - some may even be mutually exclusive. The OpenBSD team, for example, has historically downplayed using virtual machines or sandboxes (security by isolation) because such tools add complexity. Larger, more complex code is harder to audit for correctness and may contain its own bugs.

Which approach is best will depend on what you are protecting yourself from. If you are looking for a way to compartmentalize your life and make sure that if someone compromises your web browser they don't get your work credentials then Qubes is probably the best option. If you plan to run a firewall or web server and hope to guard against remote exploits then OpenBSD's approach will be a good fit. On the other hand, if you plan to run a lot of software and want to guard against the most common automated attacks then Debian probably offers the most practical approach.

While it is not convenient to use all three approaches at once, you can try to combine aspects of correctness, isolation and obscurity at the same time. For example, running a hardened Debian system with network facing programs running in a sandbox (such as Firejail) will provide an extra layer of protection. The important thing, in my opinion, is to figure out what kind of attacks you want to guard against and pick the best tool to defend against those attacks.

SUSE has announced the availability of a new version of the company's SUSE Linux Enterprise distribution. The latest release, which was originally announced on June 25 with the trial download becoming available on July 17, is version 15 and includes a focus on lowering the barrier for transitioning between the openSUSE community distribution and SUSE Linux Enterprise (SLE). "SUSE today launched SUSE Linux Enterprise 15, the latest version of its flagship operating platform that bridges next-generation software-defined infrastructure with traditional infrastructure technologies. The modern, modular operating system helps simplify multimodal IT, makes traditional IT infrastructure more efficient and provides an engaging platform for developers. As a result, organizations can easily deploy and transition business-critical workloads across on-premise and public cloud environments." Further information can be found in the company's pressreleases and in the release notes.

The NetBSD team has announced a new version of their project's highly portable operating system. The new version, NetBSD 8.0, included support for USB 3, reproducible builds, in-kernel audio mixing and address layout randomization for improved security. "USB stack rework, USB3 support added. In-kernel audio mixer (audio_system(9)). Reproducible builds (MKREPRO, see mk.conf(5)). Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis. PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk, pmax. PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, pmax, sparc64. Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64." Further details can be found in the project's release notes.

Leszek Lesner has announced the release of Neptune 5.4, an updated build of the project's desktop Linux distribution based on Debian's "stable branch" and featuring the KDE Plasma 5.12 desktop: "We are proud to announce version 5.4 of Neptune. In this update we introduce a new look-and-feel package called 'Neptune Dark'. It comes together with a modified icon theme, called 'Faenza Dark'. We improved hardware support further by providing Linux kernel 4.16.16 with improved drivers and bug fixes. Other main changes in this version are the update of KDE Frameworks to version 5.48 and KDE Applications to version 18.04.3. As the new KF5 version is not compatible with Qt 5.7 anymore we had to backport its patches to version 5.45. VLC has been updated to 3.0.3 to provide more speed and lots of bug fixes. Thunderbird 52.9 fixes issues with encrypted HTML e-mails. The Excalibur menu is now available in version 2.7 which provides some bug fixes in regards to multiple activities and moving favorites around. KWin, the default window manager for Plasma, got an update to version 5.12.5 which is now the real version and which we adjusted to be compiled against Qt 5.7." See the release announcement and changelog for further details.

The table below provides a list of torrents DistroWatch is currently seeding. If you do not have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.

Archives of our previously seeded torrents may be found in our Torrent Archive. We also maintain a Torrents RSS feed for people who wish to have open source torrents delivered to them. To share your own open source torrents of Linux and BSD projects, please visit our Upload Torrents page.

In our main story this week we discussed Peppermint OS, a lightweight distribution which mixes web-based applications with local, desktop programs. This week we would like to learn how popular web apps are among our readers. Do you use a few (perhaps for e-mail), a handful, or do you run virtually everything through a web browser?

NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery.

This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 30 July 2018. Past articles and reviews can be found through our Article Search page. To contact the authors please send e-mail to: